You can use a system-wide CA database to ensure that any applications that use the
database trust any of the certificates that are stored on it. You can import the certificates that
you create for SSL between the Logstash and LFA servers into
this type of database. This step is optional.
Procedure
-
To copy the certificate to the system-wide database, enter the following command:
$ sudo cp mycert.pem /usr/share/ca-certificates/<cert_name>.crt
where
<cert_name> is the name of the cert that you want to import.
-
Add the names of the files that you import to the CA certificate configuration manually or you
can use a command.
To add the CA certificates with a command, enter the following
command:
sudo dpkg-reconfigure ca-certificates
To manually add the certificate names, edit the
/etc/ca-certificates.conf
file. Add the list of certificate names at the end of the code after the last hashtag (#). For
example:
# This file lists certificates that you wish to use or to ignore to be
# installed in /etc/ssl/certs.
# update-ca-certificates(8) will update /etc/ssl/certs by reading this file.
#
# This is autogenerated by dpkg-reconfigure ca-certificates.
# certificates shoule be installed under /usr/share/ca-certificates
# and files with extension '.crt' is recognized as available certs.
#
# line begins with # is comment.
# line begins with ! is certificate filename to be deselected.
#
<cert_name>.crt
example.com/example.com.crt
where
<cert_name>.crt is the certificate file that you want to
import.
-
To update the system-wide database, enter the following command:
$ sudo update-ca-certificates
Results
You imported your CA certificates into the system-wide database. All the applications that
use the database can now trust this certificate.